Archive for month: January, 2013

Before updating any of the Linux components (modules, kernel, etc.), make sure to do a bit of research online first: check the update's release notes, forums and blogs, as updates can sometimes cause issues on your system. The worst problems are the ones that only appear after the server restarts, which could be days or weeks after the update has been done. We had one of those problems with CentOS 6.2: after a kernel update, the server would not boot. The only way to get it up and running was to remove the new kernel and run off the old one until the new kernel update was released. Read below how to do it.

MP4Box is an MP4 multiplexer utility, which can import MPEG-4 video (DivX, XviD, 3ivx, h264, etc.), audio streams and subtitles into the .mp4 container. The end result is a compliant MP4 stream. It can also extract streams from a .mp4 file. MP4Box is a command line tool, but can be used with graphical user interfaces such as YAMB or my MP4box GUI.

Q. What is zlib ?

Ans: zlib is a software library used for data compression. zlib is an abstraction of the DEFLATE compression algorithm used in the gzip file compression program.

Required Score:
0 means everything will be marked as Spam
5 is the default
10 means nothing will be marked as Spam

Just set up SpamAssassin once, and it works for all of the emails on your account. SpamAssassin will mark your spam so it is easy to notice. (You can even make SpamAssassin automatically delete those emails.)

NOTE: You can use Spam Box or Email Filtering to move the spam from your Inbox to another folder.

Check your Outlook or other mail client for filtering tools.
Unfortunately, SpamAssassin no longer rewrites the subject line of your emails.
Fortunately, you can accomplish email filtering with the tools we provide.

In your webmail, create a folder called Spam.
In cPanel, go to User Level Filtering.
Next to your email address, click Manage Filters.
Click the Create a new Filter button.
Give the filter a name like SpamAssassin Rule.
Change the “From” drop down to “Spam Status”.
Change the “equals” drop down to “begins with”.
In the large blank below, type Yes
Change the “Discard Message” drop down to “Deliver to folder”.
Click the Change button and choose your new Spam folder.
Click the Activate button.
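What the Required Score and the filter rule above amount to, as an added example (not cPanel's or SpamAssassin's own code). It assumes the "Spam Status" field corresponds to the X-Spam-Status header that SpamAssassin adds; the function names and the sample message are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes the cPanel
# "Spam Status" field maps to SpamAssassin's X-Spam-Status header.

# Print the unfolded X-Spam-Status value, looking at headers only.
spam_status() {
    awk '
        /^\r?$/  { exit }                                 # blank line: headers end
        /^[ \t]/ { if (inhdr) val = val " " $0; next }    # folded continuation line
        { inhdr = 0 }
        !found && tolower($0) ~ /^x-spam-status:/ {
            found = 1; inhdr = 1
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
        }
        END { gsub(/[ \t\r]+/, " ", val); print val }
    ' "$1"
}

# The filter rule from the steps above: value begins with "Yes" -> Spam folder.
deliver_to() {
    case $(spam_status "$1") in
        Yes*) echo "Spam" ;;
        *)    echo "Inbox" ;;
    esac
}

# Re-evaluate the recorded score against another Required Score: a message
# is marked when its score reaches the required value. Prints "Yes" or "No".
flag_at() {
    spam_status "$2" | awk -v req="$1" '
        match($0, /score=-?[0-9.]+/) {
            s = substr($0, RSTART + 6, RLENGTH - 6)
            print ((s + 0 >= req + 0) ? "Yes" : "No"); found = 1
        }
        END { if (!found) exit 1 }'
}

# Constructed sample message (not real mail); the body line must be ignored.
msg=$(mktemp)
cat > "$msg" <<'EOF'
Return-Path: <sender@example.net>
X-Spam-Status: Yes, score=7.3 required=5.0 tests=BAYES_99,HTML_MESSAGE,
 URIBL_BLACK autolearn=no
Subject: constructed sample

X-Spam-Status: No (body text, not a header)
EOF
echo "folder: $(deliver_to "$msg")"
echo "marked at 5: $(flag_at 5 "$msg"), at 10: $(flag_at 10 "$msg")"
rm -f "$msg"
```

Reading only the header block matters here: text in the message body that looks like a status line does not change where the message is delivered.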

iptables is an administration tool / command for IPv4 packet filtering and NAT. You need to use the following tools:

[a] service is a command to run a System V init script. It is used to save / stop / start the firewall service.

[b] The chkconfig command is used to update and query runlevel information for system services. It is a system tool for maintaining the /etc/rc*.d hierarchy. Use this tool to disable the firewall service at boot time.

How Do I Disable Firewall?

First login as the root user.

Next enter the following three commands to disable the firewall:
# service iptables save
# service iptables stop
# chkconfig iptables off

If you are using the IPv6 firewall, enter:
# service ip6tables save
# service ip6tables stop
# chkconfig ip6tables off

On some Linux distributions SELinux is enabled by default, which may cause some unwanted issues if you don’t understand how SELinux works and the fundamental details of how to configure it. I strongly recommend that you understand SELinux and implement it in your environment. But until you understand the implementation details of SELinux, you may want to disable it to avoid some unnecessary issues.
To disable SELinux you can use any one of the 4 different methods mentioned in this article.

SELinux enforces security policies, including the mandatory access controls defined by the US Department of Defence, using the Linux Security Module (LSM) defined in the Linux kernel. Every file and process in the system is tagged with specific labels that are used by SELinux. You can use ls -Z to view those labels as shown below.

You can also use the setenforce command as shown below to disable SELinux. Possible parameters to the setenforce command are: Enforcing, Permissive, 1 (enable) or 0 (disable).

# setenforce 0

Method 2: Disable SELinux Permanently

To disable SELinux permanently, modify /etc/selinux/config and set SELINUX=disabled as shown below. Once you make any changes to /etc/selinux/config, reboot the server for the changes to take effect.

Following are the possible values for the SELINUX variable in the /etc/selinux/config file

enforcing – The security policy is always enforced

permissive – This just simulates the enforcing policy by only printing warning messages and not really enforcing the SELinux. This is good to first see how SELinux works and later figure out what policies should be enforced.

disabled – Completely disable SELinux

Following are the possible values for SELINUXTYPE variable in the /etc/selinux/config file. This indicates the type of policies that can be used for the SELinux.

Method 4: Disable Only a Specific Service in SELinux – HTTP/Apache

If you are not interested in disabling the whole of SELinux, you can also disable SELinux only for a specific service. For example, to disable SELinux for the HTTP/Apache service, modify the httpd_disable_trans variable in the /etc/selinux/targeted/booleans file.
Set the httpd_disable_trans variable to 1 as shown below.

This tutorial shows how to prepare a CentOS 6.3 x86_64 server for the installation of ISPConfig 3, and how to install ISPConfig 3. ISPConfig 3 is a webhosting control panel that allows you to configure the following services through a web browser: Apache web server, Postfix mail server, MySQL, BIND nameserver, PureFTPd, SpamAssassin, ClamAV, Mailman, and many more. Since version 3.0.4, ISPConfig comes with full support for the nginx web server in addition to Apache; this tutorial covers the setup of a server that uses Apache, not nginx.

Please note that this setup does not work for ISPConfig 2! It is valid for ISPConfig 3 only!

I do not issue any guarantee that this will work for you!

ISPConfig 3 Manual

On more than 300 pages, it covers the concept behind ISPConfig (admin, resellers, clients), explains how to install and update ISPConfig 3, includes a reference for all forms and form fields in ISPConfig together with examples of valid inputs, and provides tutorials for the most common tasks in ISPConfig 3. It also outlines how to make your server more secure and comes with a troubleshooting section at the end.

2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

3 Install The Base System

It can take a long time to test the installation media so we skip this test here:

The welcome screen of the CentOS installer appears. Click on Next:

Choose your language next:

Select your keyboard layout:

I assume that you use a locally attached hard drive, so you should select Basic Storage Devices here:

You might see the following warning – Error processing drive. If you see this click on the Re-initialize all button to proceed:

Fill in the hostname of the server (e.g. server1.example.com), then click on the Configure Network button:

Go to the Wired tab, select the network interface (probably eth0) and click on Edit…:

Mark the Connect automatically checkbox and go to the IPv4 Settings tab and select Manual in the Method drop-down menu. Fill in one, two, or three nameservers (separated by comma) in the DNS servers field (e.g. 8.8.8.8,8.8.4.4), then click on the Add button next to the Addresses area:

Now give your network card a static IP address and netmask (in this tutorial I’m using the IP address 192.168.0.100 and netmask 255.255.255.0 for demonstration purposes; if you are not sure about the right values, http://www.subnetmask.info might help you). Also fill in your gateway (e.g. 192.168.0.1) and click on the Apply… button:

The network configuration is now finished. Click on the Next button:

Choose your time zone:

Give root a password:

Next we do the partitioning. Select Replace Existing Linux System(s). This will give you a small /boot partition and a large / partition which is fine for our purposes:

Select Write changes to disk:

The hard drive is being formatted:

Now we select the software we want to install. Select Basic Server, then check CentOS in the additional repositories field, choose Customize later and click on Next:

The installation begins. This will take a few minutes:

Finally, the installation is complete, and you can remove your DVD from the computer and reboot it:

After the reboot, log in as root.

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That’s why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn’t use any other firewall later on as it will most probably interfere with the CentOS firewall).

Run…

system-config-firewall-tui

… and disable the firewall. Hit OK afterwards:

Confirm your choice by selecting Yes:

If you did not configure your network card during the installation, you can do that now. Run…

system-config-network

… and go to Device configuration:

Select your network interface:

Then fill in your network details – disable DHCP and fill in a static IP address, a netmask, your gateway, and one or two nameservers, then hit Ok:

Next select Save:

You can also specify additional nameservers. Select DNS configuration:

5 Configure The Firewall

(You can skip this chapter if you have already disabled the firewall at the end of the basic system installation.)

I want to install ISPConfig at the end of this tutorial which comes with its own firewall. That’s why I disable the default CentOS firewall now. Of course, you are free to leave it on and configure it to your needs (but then you shouldn’t use any other firewall later on as it will most probably interfere with the CentOS firewall).

6 Disable SELinux

SELinux is a security extension of CentOS that should provide extended security. In my opinion you don’t need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn’t working as expected, and then you find out that everything was ok, only SELinux was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

Edit /etc/selinux/config and set SELINUX=disabled:

vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
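
A check for the file just edited, as an added example that is not part of the original tutorial: it reads the SELINUX= and SELINUXTYPE= settings from a file in the format shown above and rejects anything outside the values the file's own comments list, so a typo is caught before the reboot. The function name selinux_config_state and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the SELinux mode and policy type configured in a file
# that uses the /etc/selinux/config format. selinux_config_state is a
# hypothetical helper name, not a system command.

# Print "<mode> <type>" and return 0 if both values are documented ones;
# return 1 if the file is unreadable or a key is missing or unknown.
selinux_config_state() {
    cfg=${1:-/etc/selinux/config}
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 1; }

    # Last uncommented assignment of each key; trailing comments are dropped.
    # "SELINUX=" cannot match the SELINUXTYPE line because "=" must follow.
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$cfg" | tail -n 1)
    ptype=$(sed -n 's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$cfg" | tail -n 1)

    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid or missing SELINUX value: '$mode'" >&2; return 1 ;;
    esac
    case $ptype in
        targeted|mls) ;;
        *) echo "invalid or missing SELINUXTYPE value: '$ptype'" >&2; return 1 ;;
    esac
    echo "$mode $ptype"
}

# Constructed sample in the format shown above (not read from a real system)
sample=$(mktemp)
cat > "$sample" <<'EOF'
# This file controls the state of SELinux on the system.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
SELINUXTYPE=targeted
EOF
selinux_config_state "$sample"
rm -f "$sample"
```

Called without an argument, the function reads /etc/selinux/config; the mode actually in effect after the reboot is what getenforce reports.
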

Afterwards we must reboot the system:

reboot

7 Enable Additional Repositories And Install Some Software

First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we enable the RPMforge and EPEL repositories on our CentOS system as lots of the packages that we are going to install in the course of this tutorial are not available in the official CentOS 6.3 repositories:

13 Set MySQL Passwords And Configure phpMyAdmin

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current
password for the root user. If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <-- ENTER
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <-- ENTER
 ... Success!

By default, MySQL comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

… and change the error reporting (so that notices aren’t shown any longer) and uncomment cgi.fix_pathinfo=1:

[...]
;error_reporting = E_ALL & ~E_DEPRECATED
error_reporting = E_ALL & ~E_NOTICE
[...]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=1
[...]

Next we install suPHP (there is a mod_suphp package available in the repositories, but unfortunately it isn’t compatible with ISPConfig, therefore we have to build suPHP ourselves):

If you have to modify /etc/httpd/conf/httpd.conf, don’t forget to restart Apache afterwards:

/etc/init.d/httpd restart

16 Install PureFTPd

PureFTPd can be installed with the following command:

yum install pure-ftpd

Then create the system startup links and start PureFTPd:

chkconfig --levels 235 pure-ftpd on
/etc/init.d/pure-ftpd start

Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

Now open the Mailman Apache configuration file /etc/httpd/conf.d/mailman.conf…

vi /etc/httpd/conf.d/mailman.conf

… and add the line ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/. Comment out Alias /pipermail/ /var/lib/mailman/archives/public/ and add the line Alias /pipermail /var/lib/mailman/archives/public/:

After you have installed ISPConfig 3, you can access Mailman as follows:

You can use the alias /cgi-bin/mailman for all Apache vhosts (please note that suExec and CGI must be disabled for all vhosts from which you want to access Mailman!), which means you can access the Mailman admin interface for a list at http://<vhost>/cgi-bin/mailman/admin/<listname>, and the web page for users of a mailing list can be found at http://<vhost>/cgi-bin/mailman/listinfo/<listname>.

Under http://<vhost>/pipermail/<listname> you can find the mailing list archives.

SquirrelMail Configuration : Read: config.php
---------------------------------------------------------
While we have been building SquirrelMail, we have discovered some
preferences that work better with some servers that don’t work so
well with others. If you select your IMAP server, this option will
set some pre-defined settings for that server.

Please note that you will still need to go through and make sure
everything is correct. This does not change everything. There are
only a few settings that this will change.

One last thing we need to do is modify the file /etc/squirrelmail/config_local.php and comment out the $default_folder_prefix variable – if you don’t do this, you will see the following error message in SquirrelMail after you’ve logged in: Query: CREATE “Sent” Reason Given: Invalid mailbox name.

Now you can type in http://server1.example.com/webmail or http://192.168.0.100/webmail in your browser to access SquirrelMail.

24 Install ISPConfig 3

Download the current ISPConfig 3 version and install it. The ISPConfig installer will configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for ISPConfig 2 is not necessary anymore.

You now also have the possibility to let the installer create an SSL vhost for the ISPConfig control panel, so that ISPConfig can be accessed using https:// instead of http://. To achieve this, just press ENTER when you see this question: Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.

Generating a 2048 bit RSA private key
………………………………………………….+++
…………………………..+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus
…………………++
…….++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER

Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/ (http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login):